| Carl-Friedrich-Gauß-Fakultät | Informatik

Linux Kernel Attack Surface Reduction Measurement

Supervisor: Prof. Dr. Rüdiger Kapitza
Professor: Prof. Dr. Rüdiger Kapitza
IBR Group: DS (Prof. Kapitza)


Kernel vulnerabilities are a major current practical security problem, as attested by the weaknesses and flaws found in many commodity operating system kernels in recent years. Ever-growing code size in those projects, due to the addition of new features and the reluctance to remove legacy support, indicates that this problem will remain a severe system security threat in the foreseeable future. In order to measure precisely the attack surface of the kernel, that is, the amount of privileged code accessible from a given user or application through system calls, we consider using the call graph of kernel functions. This will subsequently allow us to measure precisely the efficiency of attack surface reduction tools such as ktrim, which disallow the execution of unnecessary kernel functions by unprivileged applications.

The project will be in collaboration with IBM Research in Zurich.

Project Goals

  • Exploring and comparing various tools that can build a static (i.e., based on the source code of the kernel) call graph of all kernel functions (e.g., CodeViz). Evaluating their accuracy.
  • Developing a tool that receives as input a list of disallowed kernel functions and computes the attack surface reduction, i.e., the number of internal kernel functions accessible after removing the disallowed functions, divided by the total number of internal kernel functions accessible.
  • Refinement of the metric (e.g., taking into account the number of lines of code in each function, or the number of x86 instructions, or input from static taint analysis results on the Linux kernel if time permits).
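
A minimal version of the measurement described in the second and third goals, as an added example that is not code from the project. The call graph, function names and line counts below are constructed for illustration, and counting the system call entry points as part of the reachable set is an assumption.

```python
from collections import deque

# Constructed toy call graph (caller -> callees); not extracted from a real kernel.
CALL_GRAPH = {
    "sys_read": ["vfs_read"],
    "sys_ioctl": ["do_vfs_ioctl"],
    "sys_socket": ["sock_create"],
    "vfs_read": ["rw_verify_area", "do_sync_read"],
    "do_vfs_ioctl": ["rare_driver_ioctl", "rw_verify_area"],
    "sock_create": ["legacy_proto_create", "inet_create"],
    "rare_driver_ioctl": ["legacy_copy_helper"],
    "legacy_proto_create": ["legacy_copy_helper"],
}
# Constructed lines-of-code figures for the weighted variant of the metric.
LOC = {
    "sys_read": 20, "sys_ioctl": 20, "sys_socket": 20, "vfs_read": 40,
    "do_vfs_ioctl": 60, "sock_create": 40, "rw_verify_area": 30,
    "do_sync_read": 30, "rare_driver_ioctl": 200, "legacy_proto_create": 150,
    "inet_create": 90, "legacy_copy_helper": 100,
}
SYSCALLS = ["sys_read", "sys_ioctl", "sys_socket"]  # entry points (assumed)

def reachable(graph, entries, disallowed=()):
    """Functions reachable from the entry points without passing through a disallowed one."""
    blocked = set(disallowed)
    seen = set()
    queue = deque(e for e in entries if e not in blocked)
    while queue:
        fn = queue.popleft()
        if fn in seen:
            continue
        seen.add(fn)
        # A disallowed callee is never entered, so code only reachable through it drops out.
        queue.extend(c for c in graph.get(fn, ()) if c not in blocked and c not in seen)
    return seen

def remaining_ratio(graph, entries, disallowed, weight=None):
    """Surface after disallowing / surface before; weight maps function -> size (default 1)."""
    size = (lambda f: weight.get(f, 0)) if weight else (lambda f: 1)
    before = sum(size(f) for f in reachable(graph, entries))
    after = sum(size(f) for f in reachable(graph, entries, disallowed))
    return after / before if before else 0.0

if __name__ == "__main__":
    deny = ["rare_driver_ioctl", "legacy_proto_create"]
    print("by function count:", remaining_ratio(CALL_GRAPH, SYSCALLS, deny))
    print("by lines of code: ", remaining_ratio(CALL_GRAPH, SYSCALLS, deny, LOC))
```

Disallowing only `rare_driver_ioctl` leaves `legacy_copy_helper` reachable through the other caller, so the measured reduction depends on every path in the graph, not only on the size of the deny list.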

Further Information


  • Knowledge of operating system principles, especially in the context of Linux (system calls, process context vs. interrupt context, kernel modules).
  • Knowledge of a (scripting) language such as Python to develop the attack surface measurement tool.
  • Linux kernel coding experience is a plus.
  • Experience in practical system security is a plus (e.g., buffer overflows, TOCTTOU races).

If you are interested, just drop by or send an e-mail:


Prof. Dr. Rüdiger Kapitza or Anil Kurmus (IBM Research, kur@zurich.ibm.com)


Updated on 14.06.2016, 16:03 by Prof. Dr. Rüdiger Kapitza